A spokesperson for the Irish Data protection Commission (DPC) recently revealed in an interview that his organisation will be applying the General Data Protection Regulation (GDPR) legislation much more stringently in 2019.
Head of Communications with the DPC, Graham Doyle, was speaking to TNW when he said that GDPR clearly had a massive impact in 2018 as it made people think more about how their personal data is managed. He referred to the increasing amount of GDPR incidents being reported as an indicator of this. In 2018 there were 3,500 breach notifications and 2,500 complaints, almost twice the 2017 figures. Doyle is happy with this as the DPC spends considerable resources on awareness as it considers educating businesses and the public to be key part of its role.
He said: “We take a twin-pronged approach to upholding GDPR: enforcement and engaged supervision. Engaged supervision is where we engage with organizations, consult on personal data-related legislation, and with companies regarding their new products. Basically, when we engage with organizations, we try to assist them in getting it right from the beginning.”
He went on to say that 2019 will see the agency sanction penalties as current investigations come to a close and the body will be applying the rules of the legislation with great power in a bid to prevent future breached. He said: “The new toolkit that the GDPR has provided DPAs brings significantly enhanced powers. We will use the full powers afforded to us, and the full extent of the GDPR’s toolkit, where it’s appropriate to do so.”
Under GDPR legislation the maximum fine for a breach is €20m or 4% of annual global revenue, whichever figure is higher.
He also alluded to an increase in the scope of the GDPR investigations in 2019 when he said: “We’ll certainly be concluding some of the bigger investigations in 2019.”
However Doyle also pointed to the fact said that awareness of the legislation has greatly increased over the time leafing up the to May 25 2018 date that it came in to law. He said: “We conducted a survey in early 2017 where we assessed the awareness levels of the GDPR among businesses in Ireland and found it to be between 30% and 40%. However, when we redid the survey in May 2018, we were at around 90% awareness levels.”
The DPC is the local data protection agency in Ireland and is charged with ensuring that companies within its jurisdiction are adhering the regulation. Additionally it is expected to investigate any complaints that are submitted. As there are a large amount of multinational companies based in Ireland the scope for investigations is massive. Since the may 25 2018 introduction date there have been GDPR complaints registered against Facebook, Google and Twitter – all companies that have their EU headquarters based in Dublin.